smarty-php / smarty

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.

2.6 - Fix e-notice in modifier.escape.php #892

Closed colemanw closed 1 year ago

colemanw commented 1 year ago

A null value will cause e-notices in most of the esc_types. Functions like htmlspecialchars, str_replace, preg_replace, etc. do not strictly allow null as an argument. Using an early-return if the value is empty() should also give a subtle performance boost, as none of the esc_types do anything meaningful to empty strings or the number 0.

scottchiefbaker commented 1 year ago

Could this be simplified to return "";?

colemanw commented 1 year ago

> Could this be simplified to return "";?

No because '0' is also empty().

scottchiefbaker commented 1 year ago

Ah good point.

colemanw commented 1 year ago

As far as I can see there is no benefit to escaping integers either, and I'm not sure how the various escape functions that expect a string will cope with an integer (if not currently, maybe in the future they would throw an e-notice?) so IMO this could be further improved as

if (empty($string) || is_int($string)) {
    return (string) $string;
}

But I didn't do that because this is a legacy project so I went for the minimal patch.

wisskid commented 1 year ago

Smarty v2 really isn't supported anymore. Don't run it in production, it probably has a bunch of security issues.
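The guards discussed in this thread, compared side by side in an added example that is not part of the pull request or of Smarty's source. `escape_html()` and the guard names are hypothetical, only the "html" esc_type is modelled with `htmlspecialchars`, and the sample values are constructed. On PHP 8.1 and later, passing null to `htmlspecialchars` raises a deprecation, which the handler below counts.

```php
<?php
// Added example (not Smarty's source). escape_html() is a hypothetical stand-in
// for the "html" esc_type; $guard selects which early return runs first.
function escape_html($value, $guard)
{
    if ($guard === 'return-empty' && empty($value)) {
        return '';                  // the simplification asked about in the thread
    }
    if ($guard === 'cast' && empty($value)) {
        return (string) $value;     // empty() early return that keeps '0' and 0
    }
    if ($guard === 'cast-or-int' && (empty($value) || is_int($value))) {
        return (string) $value;     // variant that also skips integers
    }
    // Guard 'none' (or a non-matching value) falls through to the real escaping.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Collect notices and deprecations instead of printing them.
$notices = [];
set_error_handler(function ($severity, $message) use (&$notices) {
    $notices[] = $message;
    return true;
});

// Constructed sample values, chosen to hit the empty() edge cases.
$samples = [null, '', '0', 0, 42, '<b>0</b>'];

foreach (['none', 'return-empty', 'cast', 'cast-or-int'] as $guard) {
    $notices = [];
    $out = [];
    foreach ($samples as $value) {
        $out[] = var_export(escape_html($value, $guard), true);
    }
    // One row per guard: the escaped output for each sample, then the notice count.
    printf("%-13s %s  notices=%d\n", $guard, implode(' ', $out), count($notices));
}
restore_error_handler();
```

Each row lists the result for the six samples in order, so the '0' and 0 columns show what a bare `return "";` would drop, and the last column shows that markup is still escaped under every guard.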